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DETAILED ACTION 

1. The request filed July 12, 2006 for a request for continued examination (RCE) 
under 37 CFR 1.1 14 based on patent application 09/885234 is acceptable and an RCE 
has been established. Every Independent claims 1, 10 and 19 has been amended. 
Dependent claims 11 and 20 have also been amended and New claims 31 is added. 

Response to Arguments 

2. Applicant's remark/ arguments filed on July 12, 2006 regarding have been fully 
considered but they are not persuasive. 

Applicant argument is based on the combination of the reference used in 
rejecting the corresponding limitation recited in the independent claim 1, 10 and 
19. 

Applicant in particular argued that the limitation which is now added by 
amendment recited as "the user identity value is generated by a one-way 
function" is not disclosed by the combination references used in the record 
namely, Kathrow and Pereira. 
Examiner disagrees with the above argument. 

Examiner would point out that the limitation argued by applicant in particular, 
"the user identity value is generated by a one-way function" is a feature 
which is already disclosed in the previous office action. This is simply because 
the hash function used to generate a hash value meets the limitation of the one- 
way function. 

In order to show how this particular limitation "the user identity value is 
generated by a one-way function"is disclosed in the previous office action, the 
examiner rewrites the rejection made to at least one of the independent claim. 
For instance the primary reference Kathrow discloses the following limitation 
recited in the independent claim 1 
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A method to detect tampering with registry settings in a computer comprising: 

• Generating a user identity value [hash Value of the user Password] 
associated with a user identity; (In Microsoft operating system, in the process 
of authentication, generation of a user identity value or the hash value of the 
user password is inherently included. For NT, user enters their password and 
the clients hashes the user's password, and generates the hash value or the 
user identity value and encrypts the server's challenge with this hash and sends 
two responses to the server: One response uses the LAN Manager hash and 
another response uses the stronger NT hash. The server then compares the 
client's response hash with the client's hash in the SAM Registry hive.) (For the 
source /explanation that the examiner used, see reference U, page 2, second 
paragraph) 

• Storing the user identity value [hash value of the user password]; 
(Storing the client's hash or the user identity value or the hash value of the 
user password, in the SAM Registry as explained above for the purpose of 
authentication is inherently included in the Microsoft operating system, NT) (For 
the explanation/ source that the examiner used See reference U, page 2, second 
paragraph) 

Furthermore Kathrow discloses 

• Generating a registry security value [ Fingerprint of the registry 
file/s which includes hash value of the Windows registry file/s] 
associated with a system registry; [column 5, lines 11-25; column 4, 
lines 26-column 5, line 25; figure 2, ref. Num "222" and "232"] 
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• Storing the registry security value; [Column 5, lines 1 1-26; figure 2, 
ref. Num "232"] (content storage stores the fingerprint of the file 

shown on figure 2, ref. Num "232") and 

• Authenticating by the application program the system registry after 
reading the system registry. (As explained in the disclosure and on the 
dependent claim 5, this limitation comprises 

• Generating a new registry security value [ Fingerprint of the registry 
file/s which includes hash value of the Windows registry file/s]; 

[Column 5, lines 41-62; figure 2, ref. Num "234"] (The new registry fmger 
print is generated and stored on storage shown on figure 2, ref. Num 
"234"] 

• Comparing the new registry security value with the stored registry 
security value; [Column 6, lines 20-21; column 7, lines 1-6; figure 2, ref. 
Num "242"] and allowing processing to continue if the new registry 
security value is equal to the stored registry security value. [Column 
6, lines 32-36; column 10, lines 38-43] (The processing will not be 
allowed to continue if the new registry security value is not equal with 
the stored security value. If this is the case, that is if they are found to be 
different, then the comparison result will be reported.) 

Kathrow does not explicitly disclose 

A user identity value associated with a user identity authorized to change 
a system registry of the computer is generated by an application program 
running in the computer and 

The generated registry security value which associated with system 
registry is generated by the application program. 
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However, in the field of endeavor Pereira, discloses 

The access control program may use an application program interface (API) to 
modify the registry system file in accordance with the restricted list files 
generated by the access control program. [Column 10, lines 29-33 and column 
10, line 1 -column 11, line 10]. This meets the limitation of A user identity value 
associated with a user identity authorized to change a system registry of the 
computer is generated by an application program running in the computer and 
the generated registry security value which associated with system registry is 
generated by the application program. 

Furthermore Pereira discloses detecting an attempt to change a system 
registry; [column 4, lines 49-54; column 4, lines 40-44; column 4, lines 49-51 
column 10, lines 20-21] and generating a user identity value associated with 
the user identity; [column 10, lines 20-26] (if the user enters the 
corresponding password user would be able to define/ access resources in the 
registry) 

Therefore even though the specification has a limitation that could be novel, 
the claims have not yet been written to overcome the rejection set forth in the 
previous office action. Although the claims are interpreted in light of the 
specification, limitations from the specification are not read into the claims. 
See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993) 

Therefore each and every limitation of the independent claims are disclosed 
by the combination of references on the record and the rejection is maintained 
until the applicant further amends the independent claims and successfully 
overcome the rejection without introducing new matters. 
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Claim Rejections - 35 USC §103 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the 
subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made to a 
person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-6. 10-15.19-24. 29 and 31 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Kathrow et al. (hereinafter referred as Kathrow)(U.S. Patent 
No. 6,263,348) in view of Pereira. (hereinafter referred as Pereira)(U.S. Patent No. 5, 
809, 230) 

5. As per claims 1-2.10-11. 29 and 31 Kathrow discloses a method to detect 
tampering with registry settings in a computer comprising: 

• Generating a user identity value [hash Value of the user Password] 

associated with a user identity; (In Microsoft operating system, in the process 
of authentication, generation of a user identity value or the hash value of the 
user password is inherently included. For NT, user enters their password and 
the clients hashes the user's password, and generates the hash value or the 
user identity value and encrypts the server's challenge with this hash and sends 
two responses to the server: One response uses the LAN Manager hash and 
another response uses the stronger NT hash. The server then compares the 
client's response hash with the client's hash in the SAM Registry hive.)(For the 
source/ explanation that the examiner used, see reference U, page 2, second 
paragraph) 
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• the user identity value is generated by a one-way function [bash 
Value of the user Password meets the limitation of a one-way function] (In 

Microsoft operating system, in the process of authentication, generation of a 
user identity value or the hash value of the user password is inherently 
included. For NT, user enters their password and the clients hashes the user's 
password, and generates the hash value or the user identity value and encrypts 
the server's challenge with this hash and sends two responses to the server: One 
response uses the LAN Manager hash and another response uses the stronger 
NT hash. The server then compares the client's response hash with the client's 
hash in the SAM Registry hive.) (For the source/ explanation that the examiner 
used, see reference U, page 2, second paragraph) 

• Storing the user identity value [hash value of the user password]; 
(Storing the client's hash or the user identity value or the hash value of the 
user password, in the SAM Registry as explained above for the purpose of 
authentication is inherently included in the Microsoft operating system, NT) (For 
the explanation/ source that the examiner used See reference U, page 2, second 
paragraph) 

Furthermore Kathrow discloses 

• Generating a registry security value [ Fingerprint of the registry 
file/s which includes hash value of the Windows registry file/s] 
associated with a system registry; [column 5, lines 1 1-25; column 4, 
lines 26-column 5, line 25; figure 2, ref. Num "222" and w 232 w ] 
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Storing the registry security value; [Column 5, lines 1 1-26; figure 2, 



ref. Num a 232 n ] 



(content storage stores the fingerprint of the file 



shown on figure 2, ref. Num "232") and 

• Authenticating by the application program the system registry after 
reading the system registry. (As explained in the disclosure and on the 
dependent claim 5, this limitation comprises 

• Generating a new registry security value [ Fingerprint of the registry 
file/s which includes hash value of the Windows registry file/s]; 

[Column 5, lines 41-62; figure 2, ref. Num "234"] (The new registry finger 
print is generated and stored on storage shown on figure 2, ref. Num 
"234"] 

• Comparing the new registry security value with the stored registry 
security value; [Column 6, lines 20-21; column 7, lines 1-6; figure 2, ref. 
Num "242"] and allowing processing to continue if the new registry 
security value is equal to the stored registry security value. [Column 
6, lines 32-36; column 10, lines 38-43] (The processing will not be 
allowed to continue if the new registry security value is not equal with 
the stored security value. If this is the case, that is if they are found to be 
different, then the comparison result will be reported.) 

Kathrow does not explicitly disclose 

A user identity value associated with a user identity authorized to change 
a system registry of the computer is generated by an application program 
running in the computer and 

The generated registry security value which associated with system 
registry is generated by the application program. 
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However, in the field of endeavor Pereira, discloses 

The access control program may use an application program interface (API) to 
modify the registry system file in accordance with the restricted list files 
generated by the access control program, [Column 10, lines 29-33 and column 
10, line 1-column 11, line 10]. This meets the limitation of A user identity value 
associated with a user identity authorized to change a system registry of the 
computer is generated by an application program running in the computer and 
the generated registry security value which associated with system registry is 
generated by the application program. 

Furthermore Pereira discloses detecting an attempt to change a system 
registry; [column 4, lines 49-54; column 4, lines 40-44; column 4, lines 49-51 
column 10, lines 20-21] and generating a user identity value associated with 
the user identity; [column 10, lines 20-26] (if the user enters the 
corresponding password user would be able to define/ access resources in the 
registry) 

It would have been obvious to one having ordinary skill in the art, at the time 
the invention was made, to combine the features of a user identity value 
associated with a user identity authorized to change a system registry of the 
computer is generated by an application program running in the computer and 
the feature of generating registry security value which associated with system 
registry by application program as per teachings of Pereira into the method 
taught by Kathrow, in order to provide more security to prevent tampering with 
registry settings. [See Pereira, column 4, lines 49-54; column 4, lines 40-44; 
column 4, lines 49-51 column 10, lines 20-21] 

6. As per claims 19-20 Kathrow discloses an Apparatus comprising: 
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• A bus; [figure 1] (The bus is inherently included in the computer system 
shown on figure 1, it connects the cpu/ processor with the memory or 
storage) 

• A data Storage device coupled to said bus and that stores a plurality 
of instructions which implement an application program; [Figure 1, 
ref. Num "162" and "164" and column 3, lines 23-34) (The storage device 
shown on figure 1, ref. Num "162 and "164 n are coupled to the processor 
by said bus as shown on figure 1 and also software instructions are 
stored in storage 162 as explained on column 3, lines 23] 

• A processor coupled to said data storage device, [figure 1, ref. Num 
"160" and "162" and "164") 

• Said processor operable to receive said instructions which, when 

executed by the processor, cause the processor to [Column 3, lines 
23-27; column 3, lines 27-56] 

• Generating a user identity value [hash Value of the user Password] 
associated with a user identity; (In Microsoft operating system, in the process 
of authentication, generation of a user identity value or the hash value of the 
user password is inherently included. For NT, user enters their password and 
the clients hashes the user's password, and generates the hash value or user 
identity value and encrypts the server's challenge with this hash and sends two 
responses to the server: One response uses the LAN Manager hash and another 
response uses the stronger NT hash. The server then compares the client's 
response hash with the client's hash in the SAM Registry hive.)(For the 
explanation/ source that the examiner used, see reference U, page 2, second 
paragraph) 



Application/Control Number: 09/885,234 Page 
Art Unit: 2132 

• the user identity value is generated by a one-way function [hash 
Value of the user Password meets the limitation of a one-way function] (In 

Microsoft operating system, in the process of authentication, generation of a 
user identity value or the hash value of the user password is inherently 
included. For NT, user enters their password and the clients hashes the user's 
password, and generates the hash value or the user identity value and encrypts 
the server's challenge with this hash and sends two responses to the server: One 
response uses the LAN Manager hash and another response uses the stronger 
NT hash. The server then compares the client's response hash with the client's 
hash in the SAM Registry hive.)(For the source /explanation that the examiner 
used, see reference U, page 2, second paragraph) 

• Storing the user identity value [hash value of the user password]; 
(Storing the client's hash or the user identity value or the hash value of the 
user password, in the SAM Registry as explained above for the purpose of 
authentication is inherently included in the Microsoft operating system, NT) (For 
the explanation/ source that the examiner used See reference U, page 2, second 
paragraph) 

Furthermore Kathrow discloses 

• Generating a registry security value [ Fingerprint of the registry 
file/s which includes hash value of the Windows registry file/s] 
associated with a system registry; [Column 5, lines 1 1-25; column 4, 
lines 26-column 5, line 25; figure 2, ref. Num "222", ref. Num "232"] 
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• Storing the registry security value; [Column 5, lines 1 1-26; figure 2, 
ref. Num "232"] (content storage stores the fingerprint of the file 

shown on figure 2, ref. Num "232") and 

• Authenticating the system registry after reading the system registry 
based on the stored registry security value. (As explained in the 
disclosure and on the dependent claim 5 and 23, this limitation 
comprises 

• Generating a new registry security value [ Fingerprint of the registry 
file/s which includes hash value of the Windows registry file/s]; 

[Column 5, lines 41-62; figure 2, ref. Num "234"] (The new registry finger 
print is generated and stored on storage shown on figure 2, ref. Num 
"234"] 

• Comparing the new registry security value with the stored registry 
security value; [Column 6, lines 20-21; column 7, lines 1-6; figure 2, ref. 
Num "242"] and allowing processing to continue if the new registry 
security value is equal to the stored registry security value. [Column 
6, lines 32-36; column 10, lines 38-43] (The processing will not be 
allowed to continue if the new registry security value is not equal with 
the stored security value. If this is the case, that is if they are found to be 
different, then the comparison result will be reported.) 

Kathrow does not explicitly disclose 

Generating a user identity value associated with a user identity 
authorized to change a system registry of the said apparatus 

However, in the field of endeavor Pereira, discloses 
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The access control program may use an application program interface (API) to 
modify the registry system file in accordance with the restricted list files 
generated by the access control program. [Column 10, lines 29-33 and column 
10, line 1 -column 11, line 10]. This meets the limitation of a user identity value 
associated with a user identity authorized to change a system registry of the 
computer is generated by an application program running in the computer and 
the generated registry security value which associated with system registry is 
generated by the application program. 

Furthermore Pereira discloses detecting an attempt to change a system 
registry; [column 4, lines 49-54; column 4, lines 40-44; column 4, lines 49-51 
column 10, lines 20-21] and generating a user identity value associated with 
the user identity; [column 10, lines 20-26] (if the user enters the 
corresponding password user would be able to define/ access resources in the 
registry) 

It would have been obvious to one having ordinary skill in the art, at the time 
the invention was made, to combine the features of a user identity value 
associated with a user identity authorized to change a system registry of the 
computer is generated by an application program running in the computer and 
the feature of generating registry security value which associated with system 
registry by application program as per teachings of Pereira into the method 
taught by Ka throw, in order to provide more security to prevent tampering with 
registry settings. [See Pereira, column 4, lines 49-54; column 4, lines 40-44; 
column 4, lines 49-51 column 10, lines 20-21] 

7, As per claims 3-4 and 12-13 the combination of Kathrow and Pereira 

discloses a method as applied to claims 1 and claim 10 above. Furthermore Kathrow 
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discloses the method wherein generating a registry security value associated with a 
system registry comprises: concatenating system registry information; and inserting the 
concatenated system registry information in a one-way function to obtain the registry 
security value. [ Column 4, lines 26-column 5, line 25; figure 2, ref. Num "232"] 

8. As per claims 5-6 and 14-15 the combination of Kathrow and Pereira 

discloses a method as applied to claims 1 and 10 above. Furthermore Kathrow 
discloses the method wherein authenticating the system registry after reading the 
system registry comprises: 

• Generating a new registry security value [ Fingerprint of the registry 
file/s which includes hash value of the Windows registry file/s]; 

[Column 5, lines 41-62; figure 2, ref. Num "234"] (The new registry finger 
print is generated and stored on storage shown on figure 2, ref. Num 
"234"] 

• Comparing the new registry security value with the stored registry 
security value; [Column 6, lines 20-21; column 7, lines 1-6; figure 2, ref. 
Num "242"] and allowing processing to continue if the new registry 
security value is equal to the stored registry security value. [Column 
6, lines 32-36; column 10, lines 38-43] (The processing will not be 
allowed to continue if the new registry security value is not equal with 
the stored security value. If this is the case, that is if they are found to be 
different, then the comparison result will be reported.) 

9. As per claims 21-22 the combination of Kathrow and Pereira discloses an 

apparatus as applied to claim 19 above. Furthermore Kathrow discloses an apparatus 

wherein the processor operable to receive instructions which, when executed by the 
processor, cause the processor to generate a registry security value associated with a 
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system registry comprises the processor to concatenate system registry information; 
and to insert the concatenated system registry information in a function to obtain the 
registry security value. [ Column 4, lines 26-column 5, line 25; figure 2, ref. Num "232"] 

10. As per claims 23-24 the combination of Kathrow and Pereira discloses an 
apparatus as applied to claim 19 above. Furthermore Kathrow discloses an apparatus 
wherein the processor operable to receive instructions which, when executed by the 
processor, cause the processor to authenticate the system registry after reading the 
system registry comprises the process : 

• Generating a new registry security value [ Fingerprint of the registry 
file/s which includes hash value of the Windows registry file/s]; 

[Column 5, lines 41-62; figure 2, ref. Num "234"] (The new registry finger 
print is generated and stored on storage shown on figure 2, ref. Num 
"234"] 

• Comparing the new registry security value with the stored registry 
security value; [Column 6, lines 20-21; column 7, lines 1-6; figure 
2, ref. Num "242"] and allowing processing to continue if the new 
registry security value is equal to the stored registry security 
value. [Column 6, lines 32-36; column 10, lines 38-43] (The 
processing will not be allowed to continue if the new registry 
security value is not equal with the stored security value. If this is 
the case, that is if they are found to be different, then the 
comparison result will be reported. 

Conclusion 
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1 1 . Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Samson B Lemma whose telephone number is 571- 
272-3806. The examiner can normally be reached on Monday-Friday (8:00 am— 4: 
30 pm). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, BARRON JR GILBERTO can be reached on 571-272-3799. The fax 
phone number for the organization where this application or proceeding is assigned 
is 703-873-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR 
only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR system, 
contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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